Various examples are directed to systems and methods for executing a web application with client-side encryption. A web application may execute in a web browser at a client computing device. The web browser may generate a document comprising a secure display element. The web browser may request to render the document at the client computing device. A cryptographic tool of the web browser may decrypt the first encrypted value to generate a first clear value. The web browser may render the document at an output device of the client computing device using the clear value. The web browser may also be programmed to prevent the web application from accessing the first clear value.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A system for executing a web application with client-side encryption, the system comprising: a client computing device comprising at least one hardware processor programmed to execute a web browser and an output device, wherein the client computing device is also programmed to perform operations comprising: generating a document by a web application executing in the web browser, wherein the document comprises a plurality of elements, the plurality of elements comprising a secure display element and a secure input element, the secure display element comprising a secure display element name and a first encrypted value; requesting, by the web application, to render the document at the client computing device; decrypting, by a cryptographic tool of the web browser, the first encrypted value to generate a first clear value, wherein the web browser is programmed to prevent the web application from accessing the first clear value; rendering the document with a rendering engine of the web browser at the output device of the client computing device, the rendering using the first clear value; displaying a secure input field at a user interface of the web browser; receiving, by the web browser, a second clear value via the secure input field; encrypting, by the cryptographic tool, the second clear value using a cryptographic key indicated by the secure input element to generate a second encrypted value; and providing, by the web browser, the second encrypted value to the web application, wherein the web browser is programmed to prevent the web application from accessing the second clear value.
2. The system of claim 1 , wherein the secure display element further comprises an indication of a cryptographic key stored at a key store of the cryptographic tool, and wherein the decrypting is based at least in part on the cryptographic key.
3. The system of claim 1 , wherein the secure display element further comprises an indication of a cryptographic algorithm, and wherein the decrypting comprises executing the cryptographic algorithm.
4. The system of claim 1 , wherein the operations further comprise: determining, by the web browser, that the web application has modified the first encrypted value to a modified first encrypted value; decrypting, by the cryptographic tool, the modified first encrypted value to generate a modified first clear value; and modifying the rendering of the document to replace the first clear value with the modified first clear value.
5. The system of claim 1 , wherein the client computing device comprises a touchscreen, and wherein the operations further comprise displaying at the touchscreen a secure keyboard for receiving the second clear value.
6. The system of claim 1 , wherein the operations further comprise launching a secure input application to provide an input application user interface comprising the secure input field.
7. A method for executing a web application with client-side encryption, the method comprising: generating a document by the web application, the web application executing in a web browser at a client computing device, wherein the document comprises a plurality of elements, the plurality of elements comprising a secure display element and a secure input element, the secure display element comprising a secure display element name and a first encrypted value; requesting, by the web application, to render the document at the client computing device; decrypting, by a cryptographic tool of the web browser, the first encrypted value to generate a first clear value, wherein the web browser is programmed to prevent the web application from accessing the first clear value; rendering the document with a rendering engine of the web browser at an output device of the client computing device, the rendering using the first clear value; displaying a secure input field at a user interface of the web browser; receiving, by the web browser, a second clear value via the secure input field; encrypting, by the cryptographic tool, the second clear value using a cryptographic key indicated by the secure input element to generate a second encrypted value; and providing, by the web browser, the second encrypted value to the web application, wherein the web browser is programmed to prevent the web application from accessing the second clear value.
8. The method of claim 7 , wherein the secure display element further comprises an indication of a cryptographic key stored at a key store of the cryptographic tool, and wherein the decrypting is based at least in part on the cryptographic key.
9. The method of claim 7 , wherein the secure display element further comprises an indication of a cryptographic algorithm, and wherein the decrypting comprises executing the cryptographic algorithm.
10. The method of claim 7 , further comprising: determining, by the web browser, that the web application has modified the first encrypted value to a modified first encrypted value; decrypting, by the cryptographic tool, the modified first encrypted value to generate a modified first clear value; and modifying the rendering of the document to replace the first clear value with the modified first clear value.
11. The method of claim 7 , wherein the client computing device comprises a touchscreen, further comprising displaying at the touchscreen a secure keyboard for receiving the second clear value.
12. The method of claim 7 , further comprising launching a secure input application to provide an input application user interface comprising the secure input field.
13. A non-transitory machine-readable medium comprising instructions thereon that, when executed by at least one hardware processor, cause the at least one hardware processor to perform operations comprising: generating a document by a web application, the web application executing in a web browser executed by the at least one hardware processor, wherein the document comprises a plurality of elements, the plurality of elements comprising a secure display element and a secure input element, the secure display element comprising a secure display element name and a first encrypted value; requesting, by the web application, to render the document at a display in communication with the at least one hardware processor; decrypting, by a cryptographic tool of the web browser, the first encrypted value to generate a first clear value, wherein the web browser is programmed to prevent the web application from accessing the first clear value; rendering the document with a rendering engine of the web browser at an output device associated with the at least one hardware processor, the rendering using the first clear value; displaying a secure input field at a user interface of the web browser; receiving, by the web browser, a second clear value via the secure input field; encrypting, by the cryptographic tool, the second clear value using a cryptographic key indicated by the secure input element to generate a second encrypted value; and providing, by the web browser, the second encrypted value to the web application, wherein the web browser is programmed to prevent the web application from accessing the second clear value.
14. The medium of claim 13 , further comprising: determining, by the web browser, that the web application has modified the first encrypted value to a modified first encrypted value; decrypting, by the cryptographic tool, the modified first encrypted value to generate a modified first clear value; and modifying the rendering of the document to replace the first clear value with the modified first clear value.
15. The medium of claim 13 , wherein the secure display element further comprises an indication of a cryptographic key stored at a key store of the cryptographic tool, and wherein the decrypting is based at least in part on the cryptographic key.
16. The medium of claim 13 , wherein the secure display element further comprises an indication of a cryptographic algorithm, and wherein the decrypting comprises executing the cryptographic algorithm.
17. The medium of claim 13 , the operations further comprising displaying a secure keyboard for receiving the second clear value at the display.
18. The medium of claim 13 , the operations further comprising launching a secure input application to provide an input application user interface comprising the secure input field.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
December 13, 2018
November 3, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.